Description
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
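The check that addresses this class of issue is to validate the peer's public key before it reaches the scalar multiplication. The block below is an added example, not code from the ecdh package or its fix. It assumes secp256k1 and uncompressed SEC1 encoding, and the function names are hypothetical.

```javascript
// Added example: validate a peer's public key before using it in ECDH.
// Assumed curve: secp256k1 (y^2 = x^3 + 7 over F_p, cofactor 1).
const P = 2n ** 256n - 2n ** 32n - 977n; // field prime
const B = 7n;                            // curve constant b (a = 0)
// Base point G, used here only as a known-good constructed sample.
const GX = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n;
const GY = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n;

function bytesToBigInt(bytes) {
  let v = 0n;
  for (const b of bytes) v = (v << 8n) | BigInt(b);
  return v;
}

function bigIntToBytes(v, len) {
  const out = new Uint8Array(len);
  for (let i = len - 1; i >= 0; i--) { out[i] = Number(v & 0xffn); v >>= 8n; }
  return out;
}

// Uncompressed SEC1 encoding: 0x04 || X (32 bytes) || Y (32 bytes).
function encodePoint(x, y) {
  const out = new Uint8Array(65);
  out[0] = 0x04;
  out.set(bigIntToBytes(x, 32), 1);
  out.set(bigIntToBytes(y, 32), 33);
  return out;
}

// Returns { ok: true, x, y } or { ok: false, reason }. Callers must refuse
// to derive a shared secret unless ok is true.
function validatePublicKey(encoded) {
  if (!(encoded instanceof Uint8Array) || encoded.length !== 65)
    return { ok: false, reason: 'bad length' }; // also rejects the 1-byte infinity encoding
  if (encoded[0] !== 0x04)
    return { ok: false, reason: 'unsupported encoding' };
  const x = bytesToBigInt(encoded.subarray(1, 33));
  const y = bytesToBigInt(encoded.subarray(33, 65));
  if (x >= P || y >= P)
    return { ok: false, reason: 'coordinate out of range' };
  // Curve membership: y^2 must equal x^3 + 7 (mod p).
  if ((y * y) % P !== (x * x * x + B) % P)
    return { ok: false, reason: 'point not on curve' };
  return { ok: true, x, y };
}
```

On curves with a cofactor greater than 1, a subgroup membership check is needed in addition to the curve equation; secp256k1 has cofactor 1, so it is omitted here.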
Remediation
References
https://github.com/developmentil/ecdh/issues/3